{"data":{"id":"8d28c676-41df-4229-865c-3ec8075674ec","title":"${\\mathsf{KubeSec}} $KubeSec: Automatic Detection of Takeover Risks Introduced by Third-Party Apps in the Kubernetes Ecosystem","summary":"Third-party applications (TPAs, external software added to Kubernetes clusters) can be exploited to take over Kubernetes clusters, a container orchestration platform (software that manages containerized applications). Researchers created KubeSec, a tool that automatically analyzes these applications to find security weaknesses, discovering 562 insecure RBAC (role-based access control, a permission system in Kubernetes) patterns and 375 vulnerabilities affecting millions of users. The research revealed that these vulnerabilities take over 10 months on average to fix, highlighting a critical security gap in Kubernetes cluster management.","solution":"N/A -- no mitigation discussed in source.","labels":["security","research"],"sourceUrl":"http://ieeexplore.ieee.org/document/11434533","publishedAt":"2026-03-13T13:17:13.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["supply_chain"],"issueType":"research","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-13T13:17:13.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":"peer_reviewed","atlasIds":null}}